Why is SUNY Fredonia requiring this TRP?
...
Step 5: Information Security Review - The Information Security Office (“ISO”) performs an Information Security risk assessment using SUNY standards to ensure that the software is secure and meets regulatory requirements. If the request is funded by the Research Foundation, the ISO will add the Interim Director, Grants & Sponsored Programs to the ticket as a participant. All software that uses university-regulated data must be approved by the Chief Information Security Officer (CISO) or designee.
Step 1.
...
In order to complete the required Data Security Risk Assessment, please confirm the University data types that you are requesting to be used with this solution by completing a Data Security Risk Assessment Form.
Step 2. The CISO or designee will review and then reach out to you or the vendor (if needed) to obtain further information. The CISO may need to contact the vendor to obtain a Higher Education Community Vendor Assessment Tool (HECVAT) and/or SOC 2 Type 2 report if University Category 2 and 3 data is requested to be used.
Step 3. After the CISO reviews and approves the requested data, the ticket will be moved to the next step: Electronic Accessibility Technology Review.
If you have questions regarding this documentation, please contact the Information Security Office at Fredonia ISO.
Step 6: Electronic Accessibility Technology Review - In accordance with SUNY EIT Accessibility Policy, the Academic and Collaborative Technology (ACT) Office performs a review for EIT accessibility. This includes the review of documentation verifying EIT accessibility conformance (VPAT - Voluntary Product Accessibility Template), reviewing accessibility roadmaps, and evaluating high-impact EIT products. Documentation verifying EIT accessibility conformance is required. If you have questions regarding this documentation, please contact the Academic and Collaborative Technology Office. After the EIT Accessibility review has been completed, the Tracker ticket will be reviewed by the CIO or designee before being forwarded on to the Contract Services department.
...